import subprocess
import os
import sys

sqlmap_path = r"D:\develop\sqlmap\sqlmap.py"  # sqlmap.py 绝对路径
url = "http://localhost:8080/uploader/list?username=test1&page=1&pageSize=10&fileName=test"

current_floder_path = os.path.dirname(os.path.abspath(__file__)) + os.sep
file_path = os.path.join(current_floder_path, 'SqlAttackGeNFile.txt')

if os.path.exists(file_path):
    os.remove(file_path)
    print(f"已删除旧文件: {file_path}")

cmd = [
    sys.executable, sqlmap_path,
    "-u", url,
    "-p", "fileName,username",
    "--dbms=mysql",
    "--level=5",
    "--risk=3",
    "--time-sec=8",
    "--tamper=space2comment,between,randomcase",
    "-v", "3",
    "--batch",
    "--flush-session",
    "--random-agent"
]

with open(file_path, "w", encoding="utf-8") as f:
    process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True, encoding='utf-8', errors='replace', cwd=os.path.dirname(sqlmap_path))
    for line in process.stdout:
        f.write(line)
exit_code = process.wait()
print(f"[+] sqlmap 输出已保存到: {file_path} (exit code {exit_code})")
